Azure Networking Fridays with the C+E Black Belts
Olivier Martin (@omartin) – Azure Networking Black Belt
Kevin Lopez (@kevlopez) – ER Partner Sales Executive
Jaime Schmidtke (@jaimesc) – ER Partner Sales Executive
Before we get started
• Welcome customers and partners!!!
• Material is public information. No NDA info here.
• Use the IM window for questions.
• Sessions are recorded.
• We’ll post material @ http://aka.ms/AzureNetworkingFridays
Agenda for November 11th, 2016
• NEXT SESSION IS DECEMBER 2ND DUE TO US THANKSGIVING ON NOV 24TH!
• Azure Networking from 0 to 60!
• Deep dive topic of the week : Securing Networks with NSGs
• Guest Speaker : Richard Carpenter
Principal Program Manager, Azure CAT
• ExpressRoute Partner Spotlight: Megaport
• Open Q&A !
[Slide graphic: Azure services overview, grouped under Platform Services, Security & Management, and Infrastructure Services.]
Services shown: Web Apps, Mobile Apps, API Management, API Apps, Logic Apps, Notification Hubs, Content Delivery Network (CDN), Media Services, HDInsight, Machine Learning, Stream Analytics, Data Factory, Event Hubs, Mobile Engagement, Active Directory, Multi-Factor Authentication, Automation, Portal, Key Vault, BizTalk Services, Hybrid Connections, Service Bus, Storage Queues, Store / Marketplace, Hybrid Operations, Backup, StorSimple, Site Recovery, Import/Export, SQL Database, DocumentDB, Redis Cache, Search, Tables, SQL Data Warehouse, Azure AD Connect Health, AD Privileged Identity Management, Operational Insights, Cloud Services, Batch, Remote App, Service Fabric, Visual Studio, Application Insights, Azure SDK, Team Project, VM Image Gallery & VM Depot.
Secure site-to-site VPN connectivity
• SMB, Enterprises
• Connect to Azure compute
Secure point-to-site connectivity
• Developers
• POC Efforts
• Small scale deployments
• Connect from anywhere
ExpressRoute private connectivity
• SMB & Enterprises
• Mission critical workloads
• Backup/DR, media, HPC
• Connect to all Azure services
Internet Connectivity
• Consumers
• Access over public IP
• DNS resolution
• Connect from anywhere
ExpressRoute from 0 to 60
Internet vs. ExpressRoute analogy
• Internet is like the “free”way on the left
• Drive is less predictable and may need to re-route to another road
• ExpressRoute is like the toll road on the right
• Drive is much more predictable.
• You pay extra, but it's sure worth it
ExpressRoute has an uptime SLA and customers choose bandwidth!
What is ExpressRoute?
[Diagram labels: WAN, Public Internet, ExpressRoute]
ExpressRoute is Dedicated Connectivity…
1. Connectivity to meet-up location
2. Aggregation partner’s exchange platform
3. Microsoft ER implementation
Through a Peering Location!
Growing Global ExpressRoute Ecosystem
ExpressRoute & Microsoft Clouds
[Diagram labels: Customer’s network; Partner Edge (Megaport, AT&T, etc.); Microsoft Edge; ExpressRoute circuit; Primary Circuit; Secondary Circuit; Traffic to public IP addresses in Azure; Traffic to Virtual Networks (VNETs); Traffic to Office 365/CRMOL/S4B Services; SaaS; PaaS; IaaS; VRF; Internet]
• https://azure.microsoft.com/en-us/pricing/details/expressroute/
• Egress is $0.025 per GB for Zone 1, $0.05 per GB for Zone 2, and $0.14 per GB for Zone 3
• Zone 1 = North America/Europe, Zone 2 = Asia Pacific, Zone 3 = Brazil
• Office 365 Requires Premium Add-On Circuits
Standard Circuit US$ Price Models for ExpressRoute
Bandwidth | Metered Data, Port Only (All Zones) | Unlimited Data, Zone 1 (US, EMEA) | Unlimited Data, Zone 2 (APAC) | Unlimited Data, Zone 3 (Brazil)
50 Mbps | $55 | $300 | $610 | $872
100 Mbps | $100 | $575 | $1,230 | $1,300
200 Mbps | $145 | $1,150 | $2,300 | $3,220
500 Mbps | $290 | $2,750 | $5,200 | $5,200
1 Gbps | $436 | $5,700 | $8,700 | $8,700
2 Gbps | $872 | $11,400 | $17,400 | $17,400
5 Gbps | $2,180 | $25,650 | $41,000 | $41,000
10 Gbps | $5,000 | $51,300 | $82,000 | $82,000
Premium Circuit Price Models for Azure Workloads
Unlimited Data Plan (Premium)
Circuit Size Zone 1 Zone 2 Zone 3
50 Mbps $ 375 $ 710 $ 972
100 Mbps $ 675 $ 1,405 $ 1,475
200 Mbps $ 1,300 $ 2,600 $ 3,520
500 Mbps $ 3,150 $ 6,000 $ 6,000
1 Gbps $ 6,450 $ 10,150 $ 10,150
2 Gbps $ 12,900 $ 19,650 $ 19,650
5 Gbps $ 28,650 $ 44,000 $ 44,000
10 Gbps $ 54,300 $ 85,000 $ 85,000
Data Transfer Pricing Zone 1: $0.025/GB, Zone 2: $0.050/GB, Zone 3: $0.140/GB
Metered Data Plan (Premium)
Circuit Size Zone 1 Zone 2 Zone 3
50 Mbps $ 130 $ 155 $ 155
100 Mbps $ 200 $ 275 $ 275
200 Mbps $ 295 $ 445 $ 445
500 Mbps $ 690 $ 1,090 $ 1,090
1 Gbps $ 1,186 $ 1,886 $ 1,886
2 Gbps $ 2,372 $ 3,122 $ 3,122
5 Gbps $ 5,180 $ 5,180 $ 5,180
10 Gbps $ 8,000 $ 8,000 $ 8,000
The “meter” is for egress data. Data that leaves the Microsoft network back to the customer network is considered egress data.
How to get started workflow
• Azure Subscription selected and available
• Network plan/design and prerequisites done
• Install Azure PowerShell modules
• Install ASM Modules for ExpressRoute
• Install latest PowerShell
• Install ARM modules for Azure and Network
• Create Resource Group for the circuit
• Configure peerings*
• O365/CRMOL
• Azure PaaS
• Link VNETs for IaaS
• Test connectivity
• Create the circuit via PowerShell or via GUI
• Send your ExpressRoute partner the Service Key and any other needed info
• Complete physical circuits/contracts with your Layer 2/Layer 3 ER partner
• ExpressRoute partner provisions connectivity
Legend: ER partner work; ASM specific; ARM specific; General Azure; Retiring due to ASM/ARM coexistence
Creating a circuit via portal.azure.com
• You can now choose GW SKU when creating ER gateway with the portal
Olivier’s ExpressRoute Cheat Sheet
Basic Info | Circuit 1
Bandwidth | 500
Peering Location | Silicon Valley
ExpressRoute Partner Name | i.e. AT&T, Verizon, Level3, Equinix, etc.
Resource Group Name & Location | Customer defined
Billing type | Metered or unmetered
SKU Type | Standard or Premium
Legend
Customer Specific information - adapt to specific requirements
ER Partner specific info
Variables needed
VLAN ID
Customer routing subnets /29 or 2*/30 (public IPs): I.J.K.L/30 M.N.O.P/30 Q.R.S.T/30 U.V.W.X/30
Customer routing subnet /29 or 2*/30 (private or public IPs): A.B.C.D/30 E.F.G.H/30
Microsoft ASN
ASN Registrar
Peering ASN
Customer ASN
Advertised Prefix List (for outbound)
NAT pool (for inbound)
VNET info
priv. or pub ASN (e.g., 65100 or pub. ASN)
Private Peer (IAAS)
N/A
12076
N/A
100
N/A
Customer SNAT prefixes (NAT Pool)
N/A
Microsoft Peer (O365, CRMOL)
102
12076
i.e. ARIN
100
pub ASN only
Customer SNAT prefixes (NAT Pool)
10.0.0.0/8, 0.0.0.0/0, etc.
Gateway name & /27 or /26 subnet
100
Public Peer (PaaS)
101
12076
N/A
N/A N/A
NAT pool used for MS IPs
N/A
i.e. ARIN
100
pub ASN only
ExpressRoute Checklist & Updated O365 Guidance
PDF version to be available @ http://aka.ms/ERCheckList
Updated Office365 guidance @ http://aka.ms/EROimplementation
ExpressRoute and Virtual Appliance Partner Contacts
Nimbo [email protected] ExpressRoute SI Partner
Perficient [email protected] ExpressRoute SI Partner
Project Leadership [email protected] ExpressRoute SI Partner
Aryaka [email protected] ExpressRoute Connectivity Partner
AT&T AT&T Information Request Form ExpressRoute Connectivity Partner
Comcast http://business.comcast.com/landingpage/microsoft-azure ExpressRoute Connectivity Partner
CoreSite [email protected] ExpressRoute Connectivity Partner
Equinix [email protected] ExpressRoute Connectivity Partner
Level 3 http://Level3.com/Azure ExpressRoute Connectivity Partner
Megaport [email protected] ExpressRoute Connectivity Partner
Orange [email protected] ExpressRoute Connectivity Partner
Tata [email protected] ExpressRoute Connectivity Partner
Verizon [email protected] ExpressRoute Connectivity Partner
Zayo [email protected] ExpressRoute Connectivity Partner
Riverbed [email protected] Network Virtual Appliance Partner
Barracuda [email protected] Network Virtual Appliance Partner
Check Point http://www.checkpoint.com/vsec Network Virtual Appliance Partner
Technical Deep Dive with special guest: Richard Carpenter
Principal Program Manager, Azure CAT
[Diagram labels: Virtual Network; Backend 10.3/16; Mid-tier 10.2/16; Frontend 10.1/16; VPN GW; Internet; On Premises 10.0/16; ER; S2S VPNs]
• Constraints
• requires a regional VNet
• a VM (NSG applies to all the traffic that is sent and received by the VM instance)
• A subnet within a VNet (NSG applies to all the traffic that is sent and received by ALL the VM instances in the subnet)
• A VM or subnet can be associated with only 1 NSG
• One NSG can contain up to 100 rules by default (500 max).
• Inbound rules: applied to the incoming packets to a VM
• Outbound rules:
[Rule tables for NSG 1 and NSG 2, columns: Pri | Access | Src | Port | Dst | Port | Protocol]
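An added example (not from the session slides) modelling how NSG rules are evaluated for the three-tier VNet in the diagram: rules are checked in priority order, the first match decides, and inbound traffic must pass the subnet NSG and then the VM NSG. The rule sets, the /14 stand-in for the VirtualNetwork tag and all function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    priority: int   # user rules use 100-4096; lower number is evaluated first
    access: str     # "Allow" or "Deny"
    src: str        # source CIDR, or "*"
    dst: str        # destination CIDR, or "*"
    dst_port: str   # single port as text, or "*"
    protocol: str   # "Tcp", "Udp" or "*"

# Platform default inbound rules, simplified. Assumption: the VirtualNetwork tag
# is modelled as 10.0.0.0/14 (on-premises 10.0/16 plus the tiers 10.1-10.3/16).
DEFAULTS = [Rule(65000, "Allow", "10.0.0.0/14", "10.0.0.0/14", "*", "*"),
            Rule(65500, "Deny", "*", "*", "*", "*")]

def _in(addr, prefix):
    return prefix == "*" or ip_address(addr) in ip_network(prefix)

def evaluate(nsg, src, dst, port, proto):
    """Return (access, priority) of the first matching rule in priority order."""
    for r in sorted(nsg + DEFAULTS, key=lambda rule: rule.priority):
        if (_in(src, r.src) and _in(dst, r.dst)
                and r.dst_port in ("*", str(port)) and r.protocol in ("*", proto)):
            return r.access, r.priority
    raise AssertionError("unreachable: the default deny rule matches everything")

def inbound_allowed(subnet_nsg, vm_nsg, src, dst, port, proto):
    """Inbound traffic must be allowed by the subnet NSG and then the VM NSG."""
    return all(evaluate(n, src, dst, port, proto)[0] == "Allow"
               for n in (subnet_nsg, vm_nsg))

# Constructed rule sets for the Backend subnet (10.3.0.0/16).
BACKEND_SUBNET = [
    Rule(100, "Allow", "10.2.0.0/16", "10.3.0.0/16", "1433", "Tcp"),  # mid-tier to SQL
    Rule(200, "Deny", "10.0.0.0/14", "10.3.0.0/16", "*", "*"),  # override default VNet allow
]
BACKEND_VM = []  # no VM-level rules, so only the defaults apply

def demo():
    """Mid-tier SQL, frontend SQL, mid-tier RDP, all aimed at a backend VM."""
    flows = [("10.2.0.4", 1433), ("10.1.0.4", 1433), ("10.2.0.4", 3389)]
    return [inbound_allowed(BACKEND_SUBNET, BACKEND_VM, s, "10.3.0.5", p, "Tcp")
            for s, p in flows]
```

With an empty rule set the frontend reaches the backend through the default intra-VNet allow at priority 65000, which is why tier isolation needs the explicit deny at priority 200.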
Megaport enabled
ExpressRoute
The Fabric
Megaport is a software service controlling
a global hardware infrastructure.
It supplies elastic bandwidth for Internet
Peering and virtual connections to users
and services. These can be controlled via
an API stack, mobile app, or web portal to
enable automation and service flexibility.
Bringing the Fabric to the Enterprise
○ Instant access to cloud, carrier, and
content services from any Megaport
connected data center
○ Enabling enterprises to connect
multiple data centers and markets
○ Plan, manage, and deploy in real
time through a fully automated
software platform
SEATTLE
SAN FRANCISCO
LOS ANGELES
DALLAS
NEW YORK
TORONTO
ASHBURN
CHICAGO
HONG KONG
SINGAPORE
PERTH
BRISBANE
SYDNEY
MELBOURNE
AUCKLAND
LAS VEGAS
PORTLAND
RESTON
SAN JOSE,
SANTA CLARA
NEWARK
View all current locations at megaport.com/locations
DUBLIN
LONDON
MOSCOW
KIEV
DUSSELDORF,
BERLIN,
NURNBERG,
FRANKFURT,
MUNICH,
HAMBURG
SOFIA,
KAPITAN
ANDREEVO
THESSALONIKI
BUCHAREST
SKOPJE
VIENNA
LUXEMBOURG
STOCKHOLM
AMSTERDAM
Why Megaport enabled ExpressRoute
○ No long-term contracts: flexible billing terms and pay as you
go consumption model
○ VXCs enabled within minutes across the Megaport fabric
○ SDN (Software Defined Networking) - customer managed
● Portal
● API
○ Elasticity - Megaport allows for dynamically allocating
bandwidth (i.e. “dialing” up/down as needed)
○ Data center and carrier/NSP agnostic
○ Hybrid cloud connectivity - one port - multiple VXCs
How Megaport Delivers ExpressRoute
ZONE 1 ZONE 2
ZONE 3
megaport.com/locations
Azure ExpressRoute Enabled Locations:
● Seattle
Equinix SE2 - primary
Internap SEF - secondary
● New York
Equinix NY9 - primary
Telx NYC1 - secondary
● Dallas
Equinix DA1 - primary
Telx DAL1 - secondary
● Ashburn
Equinix DC2 - primary
Coresite VA1 - secondary
● LA
Coresite LA1 - primary
Telx LOS1 - secondary
● Vegas
Switch Supernap
● Toronto
Cologix TOR1
Cologix TOR2
● Quebec City
4Degrees QC1
4Degrees QC2
● Chicago
Equinix CH1
Equinix CH1
Note: to meet ExpressRoute SLAs, 2 VXCs are required (primary and secondary)
APAC
SINGAPORE
BRISBANE
MELBOURNE
PERTH
SYDNEY
AUCKLAND
HONG KONG
Azure ExpressRoute Enabled Locations:
● Singapore
Equinix HK1 - primary
Equinix HK2 - secondary
● Hong Kong
Equinix SG1 - primary
Equinix SG2 - secondary
● Melbourne
NextDC M1 - primary
Melbourne DC - secondary
● Sydney
Equinix SY1/2 - primary
Global Switch - secondary
Note: to meet ExpressRoute SLAs, 2
VXCs are required (primary and
secondary)
OUR VISION
To become the global leader
in elastic interconnection
Recent Announcements
○ Digital Realty Trust partnership
○ First native ExpressRoute provider at Switch in Las Vegas
○ Deploying ExpressRoute this month in Quebec City and Toronto
○ Newest ExpressRoute locations:
● ExpressRoute for Azure GovCloud
● Chicago
● London
● Amsterdam
Digital Realty Trust Partnership
Our valued partnership pioneers a global interconnection
solution offered via Digital Realty’s hosted platform, Service
Exchange. Service Exchange is Powered by Megaport, enabling
users to establish direct, private connections to multiple cloud
service providers.
140 plus properties
Over 26 Million Square Feet
33 Global Metros
Over 2000 Customers
Customer Tools / Demo Time!
Megaport tools include web and mobile apps, plus an open API.
○ Plan and design interconnections
○ Instantaneous service provisioning
○ Rapid change management
○ Reporting tools for
management
○ DevOps support for additional
business applications
Thank you
David McCullough
Cloud Strategy Director, North America
+1 650 823 7738
Misha Cetrone
Solutions Architect
+1 704 999 1528
Open Q&A
Thank you!
Session recording will be posted shortly here: http://aka.ms/AzureNetworkingFridays